CVE-2022-25216
Published: 2022-03-11
Priority: P261 high · CVSS 3.1: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 13.84% (96.1th percentile)
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://:32080/download/.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dvdfab | 12_player | 6.2.10 – 6.2.11 | — |
| dvdfab | playerfab | 7.0.0.0 – 7.0.0.5 | — |
| dvdfab_12_player | playerfab | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring HTTP GET requests to the /download/ endpoint on port 32080, particularly those containing path traversal patterns (e.g., URL-encoded drive letters like C%3a or C:) targeting Windows file system paths.
- A successful exploitation of CVE-2022-25216 against the Windows system.ini file will return a 200 HTTP response with body content containing the strings 'bit app support', 'fonts', and 'extensions' simultaneously.
- Flag HTTP GET requests to /download/ on port 32080 that include URL-encoded Windows absolute paths (e.g., %3a for colon, %2f for backslash/forward-slash) as indicators of path traversal exploitation attempts.
- The vulnerability affects DVDFab 12 Player (recently renamed PlayerFab); the accessible files are limited to those readable by the Windows user account running the DVDFab/PlayerFab process, so the privilege level of the service account determines the blast radius.
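The detection logic described above, as an added example (not code from the page or from the DVDFab/PlayerFab project): it runs over constructed access-log lines in an assumed `METHOD HOST:PORT PATH STATUS` layout, flags GET requests to /download/ on port 32080 whose decoded target is a Windows absolute path, and separates likely-successful hits (HTTP 200) from mere attempts.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (not real traffic); layout is an assumption of this example.
SAMPLE_LOG = """\
GET 192.0.2.10:32080 /download/C%3a%2fWindows%2fsystem.ini 200
GET 192.0.2.10:32080 /download/movie.mp4 200
GET 192.0.2.10:32080 /download/c:%5cUsers%5cpublic%5cdesktop.ini 404
GET 192.0.2.10:8080 /download/C%3a%2fWindows%2fsystem.ini 404
POST 192.0.2.10:32080 /download/C%3a%2fboot.ini 405
"""

LOG_RE = re.compile(
    r"^(?P<method>\S+) (?P<host>[^:\s]+):(?P<port>\d+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Windows absolute path: drive letter + colon + separator, or a UNC-style \\ prefix.
WIN_ABS_RE = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\)")


def is_suspicious(line: str) -> bool:
    """True when the line is a GET to /download/ on 32080 with an absolute Windows target."""
    m = LOG_RE.match(line.strip())
    if not m:
        return False
    if m["method"] != "GET" or m["port"] != "32080":
        return False
    path = m["path"]
    if not path.lower().startswith("/download/"):
        return False
    # Decode twice so double-encoded forms (e.g. %253a) are also caught;
    # decoding plain text again is a no-op.
    target = unquote(unquote(path[len("/download/"):]))
    return bool(WIN_ABS_RE.match(target))


def flag_lines(log: str) -> list[str]:
    """All lines that look like CVE-2022-25216 traversal attempts."""
    return [ln for ln in log.splitlines() if is_suspicious(ln)]


def likely_successful(log: str) -> list[str]:
    """Flagged lines that returned HTTP 200, i.e. the file was probably served."""
    return [ln for ln in flag_lines(log) if LOG_RE.match(ln.strip())["status"] == "200"]
```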
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
No detection rules found.
Nuclei
CVE-2022-25216 [HIGH] DVDFab 12 Player/PlayerFab - Local File Inclusion (nuclei · CVSS 7.5)
DVDFab 12 Player/PlayerFab is susceptible to local file inclusion, which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access.
Template:
```yaml
id: CVE-2022-25216
info:
  name: DVDFab 12 Player/PlayerFab - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access.
  impact: |
    The vulnerability allows an attacker to include arbitrary local files, potentially leading to unauthorized access,
```
No writeups or analysis indexed.